Apple's Developer site has been down for a couple of hours now, and while it originally seemed like the outage was related to maintenance, a few reports trickling in from developers suggests there could potentially be another cause.
Several developers
are reporting that all of their developer account addresses have been updated with an address in Russia, perhaps indicating some kind of breach or serious internal error. According to multiple developer reports, their accounts list a Russian address instead of their correct address.
It's not clear what's going on with the developer site at this time. We have reached out to Apple for more information and will update this post should any new information become available.
Back in 2013, Apple's Developer Center was
breached by hackers and was taken offline for several days as Apple worked to fix the breach, rebuild the developer database, and implement better security practices. At that time, Apple said sensitive personal information was encrypted and inaccessible, but some developers' names, mailing addresses, and email addresses may have been leaked.
Update: The Apple Developer site is now back up. No reason has been provided for the outage or the appearance of Russian addresses on some accounts.
Update 2: In a statement provided to
MacRumors and sent out to affected developers, Apple's Developer Program support staff says there was no security breach. Instead, there was a bug in the account management application that caused address information to be temporarily displayed incorrectly.
"Due to a bug in our account management application, your address information was temporarily displayed incorrectly in your account details on the Apple Developer website. The same incorrect address was displayed to all affected developers. The underlying code-level bug was quickly resolved and your address information now shows correctly. There was no security breach and at no time were the Apple Developer website, applications, or services compromised; nor were any of your Apple Developer membership details accessed by, shared with, or displayed to anyone."
Top Rated Comments
(View all)This probably has little to do with login, hackers most likely found a backdoor.
If there was a backdoor, my money’s on it being disclosed by that HomePod firmware.
Bad timing. . .
It always is.
But it was never confirmed in the previous hack. Within 4 years, wouldn't they have contacted affected parties if it did happen...?
From an email Apple sent to developers in 2013, which does indeed say there is a possibility names, mailing addresses, and email addresses were accessed:
"Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.
In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon."
As usual, Apple is going to remain silent on the hack and pretend it never happened.
Well, why let a hacker know that he succeeded with which method?Irresponsible macrumors for making up a possible outcome that there is no evidence of having happened.
Look at the whole quote:
Back in 2013, Apple's Developer Center was breached by hackers ('https://www.macrumors.com/2013/07/19/apples-developer-center-experiences-daylong-outage/') and was taken offline for several days as Apple worked to fix the breach, rebuild the developer database, and implement better security practices. At that time, Apple said sensitive personal information was encrypted and inaccessible, but some developers' names, mailing addresses, and email addresses may have been leaked.
now read the first 3 words. that'll give you context for the last 3.
[ Read All Comments ]